Proposed class-action lawsuits have been filed against Bank of Montreal and CIBC's direct banking division Simplii Financial over recently disclosed cybersecurity breaches impacting up to 90,000 customers.
Law firms Siskinds LLP and JSS Barristers say they have filed the proposed class actions against the two Canadian banks in the Ontario Superior Court of Justice, alleging the institutions failed to establish robust security measures to protect clients' sensitive information.
The banks did not immediately respond to requests for comment.
Simplii and BMO warned in May that "fraudsters" may have accessed certain personal and financial information of some of its customers, up to 40,000 clients and 50,000 clients, respectively.
Both institutions said they had been contacted by entities claiming to have accessed their client's personal data. A BMO spokesman said a threat was made to make the information public.
BMO and CIBC have since offered clients free credit monitoring and have pledged to cover any money lost from affected bank accounts due to fraud.
The proposed class action lawsuits, which have not yet been certified, are seeking general, compensatory, consequential and punitive damages on behalf of affected Simplii Financial and BMO clients.
The data breaches have had far reaching implications on clients' personal lives and financial affairs, the full extent of which has yet to be determined, said Sajjad Nematollahi, a lawyer with Siskinds.
"Financial institutions like CIBC and BMO are entrusted with their clients' most sensitive personal information, and are expected to have in place robust security measures to safeguard that information against unauthorized access, use or theft," he said in a statement.
"Canadian financial institutions are required and expected to continuously review their defence systems and use best industry practices to protect Canadians' personal and financial information."